From Ars Technica:
Dropbox has disabled access to previously created shared links to certain kinds of documents after the discovery that some users' sensitive files—including tax returns and bank records—were exposed through Google AdWords campaigns.
How it was discovered:
The flaw was discovered by file-sharing company IntraLinks, which was purchasing ads that would appear on Google when people search for the names of its competitors. IntraLinks said that "During a routine analysis of Google AdWords and Google Analytics data mentioning competitors’ names (Dropbox and Box), we inadvertently discovered the fully clickable URLs necessary to access these documents that led us to live folder contents, some with sensitive data. Through these links, we gained access to confidential files including tax returns, bank records, mortgage applications, blueprints and business plans—all highly sensitive information, some perhaps sufficient for identity theft and other crimes."
How to protect yourself:
For Dropbox Business users, make sure you only share documents with members of your business team. For Box users, make sure you only share documents with collaborators you trust.
While online storage is a great feature, this event highlights that security flaws can and will happen. Using the strictest permissions possible is always the best practice.